• Two or three emails with the content that you think should have triggered a match with one of your keywords

• SpamFilter's activity logfile for the day the above emails were received

• Your SpamFilter.ini file

• The \SpamFilter\Domains directory structure (if the files containing any of your blacklists/whitelists are outside that directory tree, please include those as well.

If the zip is smaller than 8MB, you can email it to us at support at logsat.com. If the zipped file is over 8MB in size, I'll send you via PM a URL where you can upload the files to us.

Please ensure you send us the original emails, with their headers and body unaltered, as we'll need to see the source of the emails to determine what happened. Usually forwarding the emails as attachments rather than inline suffices.

We received your files. Missing from both same emails are all the headers added by SpamFilter, which indicate that the email was never processed by SpamFilter to begin with. These are the SpamFilter headers (which usually start with an X-SF- prefix) to look for:

X-SF-RX-Return-Path:

X-SF-HELO-Domain:

X-SF-Originating-IP:

The emails processed by SpamFilter will also have a "Received" header similar to this:

Checking the MX record for your domain, I see that you have 4 entries in there with different priorities. SpamFilter is installed on the server with priority 10:

nnnnnnnnn.nl.86400INMX10 mail.nnnnnnn.nl

However there are also entries with priorities 15, 20 and 25. On the servers with priorities 15 and 20 you don't have SpamFilter running, but rather have a "Microsoft ESMTP MAIL Service" listening for SMTP traffic. Please note that spammers will often ignore the RFC and send their spam emails directly to secondary MX records, knowing that they are often not as protected as the primary MX records.

You can verify this is exactly what happened in your case by looking at this Received header for one of your email samples:

I've altered the host name to protect your privacy, but if you look at the original email you will see that aaaaaaaa.bbbbbb.nl is the secondary MX server with priority 20 in your DNS (which is not protected by SpamFilter).

To resolve this you would either need to install SpamFilter on all your secondary MX servers (please note that a new license is required for each of them), or install another anti spam solution, or remove the secondary MX records from the DNS.